changeset 1084:86b8c9cb7ac0 HEAD
Moved more auth code to login-common.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Sun, 02 Feb 2003 12:46:20 +0200 |
parents | f6ec28683512 |
children | 40c2be9abdd3 |
files | src/imap-login/client-authenticate.c src/imap-login/client.c src/imap-login/client.h src/login-common/Makefile.am src/login-common/auth-common.c src/login-common/auth-common.h src/login-common/client-common.h src/pop3-login/client-authenticate.c src/pop3-login/client.c src/pop3-login/client.h |
diffstat | 10 files changed, 237 insertions(+), 232 deletions(-) [+] |
--- a/src/imap-login/client-authenticate.c Sun Feb 02 12:16:42 2003 +0200 +++ b/src/imap-login/client-authenticate.c Sun Feb 02 12:46:20 2003 +0200 @@ -13,6 +13,7 @@ #include "../auth/auth-mech-desc.h" #include "client.h" #include "client-authenticate.h" +#include "auth-common.h" #include "master.h" static enum auth_mech auth_mechs = 0; @@ -59,20 +60,21 @@ static void client_auth_abort(struct imap_client *client, const char *msg) { - if (client->auth_request != NULL) { - auth_abort_request(client->auth_request); - auth_request_unref(client->auth_request); - client->auth_request = NULL; + if (client->common.auth_request != NULL) { + auth_abort_request(client->common.auth_request); + auth_request_unref(client->common.auth_request); + client->common.auth_request = NULL; } - client_send_tagline(client, msg != NULL ? msg : + client_send_tagline(client, msg != NULL ? + t_strconcat("NO ", msg, NULL) : "NO Authentication failed."); o_stream_flush(client->output); /* get back to normal client input */ - if (client->io != NULL) - io_remove(client->io); - client->io = client->common.fd == -1 ? NULL : + if (client->common.io != NULL) + io_remove(client->common.io); + client->common.io = client->common.fd == -1 ? NULL : io_add(client->common.fd, IO_READ, client_input, client); client_unref(client); @@ -83,11 +85,12 @@ struct imap_client *client = (struct imap_client *) _client; const char *reason = NULL; - if (success) - reason = t_strconcat("Login: ", client->virtual_user, NULL); - else { + if (success) { + reason = t_strconcat("Login: ", client->common.virtual_user, + NULL); + } else { reason = t_strconcat("Internal login failure: ", - client->virtual_user, NULL); + client->common.virtual_user, NULL); client_send_line(client, "* BYE Internal login failure."); } 
@@ -114,100 +117,33 @@ t_pop(); } -static const char *auth_login_get_str(struct auth_login_reply *reply, - const unsigned char *data, size_t idx) -{ - size_t stop; - - if (idx >= reply->data_size || idx >= reply->reply_idx) - return NULL; - - stop = reply->reply_idx < reply->data_size ? - reply->reply_idx-1 : reply->data_size; - - return t_strndup(data, stop); -} - -static int auth_callback(struct auth_request *request, - struct auth_login_reply *reply, - const unsigned char *data, void *context) -{ - struct imap_client *client = context; - const char *user, *realm; - - if (reply == NULL) { - /* failed */ - auth_request_unref(client->auth_request); - client->auth_request = NULL; - client_auth_abort(client, "NO Authentication process died."); - return FALSE; - } - - switch (reply->result) { - case AUTH_LOGIN_RESULT_CONTINUE: - i_assert(client->auth_request == NULL); - - client->auth_request = request; - auth_request_ref(client->auth_request); - return TRUE; - - case AUTH_LOGIN_RESULT_SUCCESS: - auth_request_unref(client->auth_request); - client->auth_request = NULL; - - user = auth_login_get_str(reply, data, reply->username_idx); - realm = auth_login_get_str(reply, data, reply->realm_idx); - - i_free(client->virtual_user); - client->virtual_user = realm == NULL ? - i_strdup(user) : i_strconcat(user, "@", realm, NULL); - - /* we should be able to log in. if we fail, just - disconnect the client. 
*/ - client_send_tagline(client, "OK Logged in."); - - master_request_imap(&client->common, master_callback, - request->conn->pid, request->id); - - /* disable IO until we're back from master */ - if (client->io != NULL) { - io_remove(client->io); - client->io = NULL; - } - return FALSE; - - case AUTH_LOGIN_RESULT_FAILURE: - /* see if we have error message */ - auth_request_unref(client->auth_request); - client->auth_request = NULL; - - if (reply->data_size > 0 && data[reply->data_size-1] == '\0') { - client_auth_abort(client, t_strconcat( - "NO Authentication failed: ", - (const char *) data, NULL)); - } else { - /* default error message */ - client_auth_abort(client, NULL); - } - return FALSE; - } - - i_unreached(); -} - static void login_callback(struct auth_request *request, struct auth_login_reply *reply, const unsigned char *data, struct client *_client) { struct imap_client *client = (struct imap_client *) _client; + const char *error; const void *ptr; size_t size; - if (auth_callback(request, reply, data, client)) { + switch (auth_callback(request, reply, data, _client, + master_callback, &error)) { + case -1: + /* login failed */ + client_auth_abort(client, error); + break; + + case 0: + /* continue */ ptr = buffer_get_data(client->plain_login, &size); auth_continue_request(request, ptr, size); buffer_set_used_size(client->plain_login, 0); + break; + default: + /* success, we should be able to log in. if we fail, just + disconnect the client. */ + client_send_tagline(client, "OK Logged in."); } } @@ -243,9 +179,9 @@ if (auth_init_request(AUTH_MECH_PLAIN, login_callback, &client->common, &error)) { /* don't read any input from client until login is finished */ - if (client->io != NULL) { - io_remove(client->io); - client->io = NULL; + if (client->common.io != NULL) { + io_remove(client->common.io); + client->common.io = NULL; } return TRUE; } else { 
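Review bot: The `default:` arm of the new switch in login_callback treats every auth_callback() result other than -1 and 0 as a successful login and sends "OK Logged in.", so an unexpected return value fails open. Make the success arm explicit with `case 1:` and let anything else reach `default: i_unreached();`. The same switch shape appears in authenticate_callback in this file and in both callbacks in src/pop3-login/client-authenticate.c. Also note that the OK line is now written after auth_callback() has already called master_request_imap(), whereas the removed code sent it first; if master_callback can run synchronously and tear the client down, this write would touch a released client, which is worth confirming.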
@@ -262,9 +198,24 @@ struct client *_client) { struct imap_client *client = (struct imap_client *) _client; + const char *error; - if (auth_callback(request, reply, data, client)) + switch (auth_callback(request, reply, data, _client, + master_callback, &error)) { + case -1: + /* login failed */ + client_auth_abort(client, error); + break; + + case 0: + /* continue */ client_send_auth_data(client, data, reply->data_size); + break; + default: + /* success, we should be able to log in. if we fail, just + disconnect the client. */ + client_send_tagline(client, "OK Logged in."); + } } static void client_auth_input(void *context) @@ -290,7 +241,7 @@ return; if (strcmp(line, "*") == 0) { - client_auth_abort(client, "NO Authentication aborted"); + client_auth_abort(client, "Authentication aborted"); return; } @@ -300,11 +251,11 @@ if (base64_decode((const unsigned char *) line, linelen, NULL, buf) <= 0) { /* failed */ - client_auth_abort(client, "NO Invalid base64 data"); - } else if (client->auth_request == NULL) { - client_auth_abort(client, "NO Don't send unrequested data"); + client_auth_abort(client, "Invalid base64 data"); + } else if (client->common.auth_request == NULL) { + client_auth_abort(client, "Don't send unrequested data"); } else { - auth_continue_request(client->auth_request, + auth_continue_request(client->common.auth_request, buffer_get_data(buf, NULL), buffer_get_used_size(buf)); } @@ -348,10 +299,10 @@ if (auth_init_request(mech->mech, authenticate_callback, &client->common, &error)) { /* following input data will go to authentication */ - if (client->io != NULL) - io_remove(client->io); - client->io = io_add(client->common.fd, IO_READ, - client_auth_input, client); + if (client->common.io != NULL) + io_remove(client->common.io); + client->common.io = io_add(client->common.fd, IO_READ, + client_auth_input, client); } else { client_send_tagline(client, t_strconcat( "NO Authentication failed: ", error, NULL));
--- a/src/imap-login/client.c Sun Feb 02 12:16:42 2003 +0200 +++ b/src/imap-login/client.c Sun Feb 02 12:46:20 2003 +0200 @@ -120,9 +120,9 @@ /* must be removed before ssl_proxy_new(), since it may io_add() the same fd. */ - if (client->io != NULL) { - io_remove(client->io); - client->io = NULL; + if (client->common.io != NULL) { + io_remove(client->common.io); + client->common.io = NULL; } fd_ssl = ssl_proxy_new(client->common.fd); @@ -145,7 +145,8 @@ client_destroy(client, "TLS handshake failed"); } - client->io = io_add(client->common.fd, IO_READ, client_input, client); + client->common.io = + io_add(client->common.fd, IO_READ, client_input, client); return TRUE; } @@ -346,7 +347,7 @@ client->common.fd = fd; client_open_streams(client, fd); - client->io = io_add(fd, IO_READ, client_input, client); + client->common.io = io_add(fd, IO_READ, client_input, client); client->plain_login = buffer_create_dynamic(system_pool, 128, 8192); client->last_input = ioloop_time; @@ -370,15 +371,15 @@ i_stream_close(client->input); o_stream_close(client->output); - if (client->io != NULL) { - io_remove(client->io); - client->io = NULL; + if (client->common.io != NULL) { + io_remove(client->common.io); + client->common.io = NULL; } net_disconnect(client->common.fd); client->common.fd = -1; - i_free(client->virtual_user); + i_free(client->common.virtual_user); client_unref(client); }
--- a/src/imap-login/client.h Sun Feb 02 12:16:42 2003 +0200 +++ b/src/imap-login/client.h Sun Feb 02 12:46:20 2003 +0200 @@ -11,7 +11,6 @@ time_t created; int refcount; - struct io *io; struct istream *input; struct ostream *output; struct imap_parser *parser; @@ -22,8 +21,6 @@ const char *cmd_tag, *cmd_name; buffer_t *plain_login; - struct auth_request *auth_request; - char *virtual_user; unsigned int tls:1; unsigned int cmd_finished:1;
--- a/src/login-common/Makefile.am Sun Feb 02 12:16:42 2003 +0200 +++ b/src/login-common/Makefile.am Sun Feb 02 12:46:20 2003 +0200 @@ -4,6 +4,7 @@ -I$(top_srcdir)/src/lib liblogin_common_a_SOURCES = \ + auth-common.c \ auth-connection.c \ main.c \ master.c \ @@ -12,6 +13,7 @@ ssl-proxy-openssl.c noinst_HEADERS = \ + auth-common.h \ auth-connection.h \ common.h \ client-common.h \
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/login-common/auth-common.c Sun Feb 02 12:46:20 2003 +0200
@@ -0,0 +1,85 @@
+/* Copyright (C) 2002 Timo Sirainen */
+
+#include "common.h"
+#include "ioloop.h"
+#include "client-common.h"
+#include "auth-connection.h"
+#include "auth-common.h"
+
+static const char *auth_login_get_str(struct auth_login_reply *reply,
+ const unsigned char *data, size_t idx)
+{
+ size_t stop;
+
+ if (idx >= reply->data_size || idx >= reply->reply_idx)
+ return NULL;
+
+ stop = reply->reply_idx < reply->data_size ?
+ reply->reply_idx-1 : reply->data_size;
+
+ return t_strndup(data, stop);
+}
+
+int auth_callback(struct auth_request *request, struct auth_login_reply *reply,
+ const unsigned char *data, struct client *client,
+ master_callback_t *master_callback, const char **error)
+{
+ const char *user, *realm;
+
+ *error = NULL;
+
+ if (reply == NULL) {
+ /* failed */
+ auth_request_unref(client->auth_request);
+ client->auth_request = NULL;
+ *error = "Authentication process died.";
+ return -1;
+ }
+
+ switch (reply->result) {
+ case AUTH_LOGIN_RESULT_CONTINUE:
+ if (client->auth_request != NULL) {
+ i_assert(client->auth_request == request);
+ } else {
+ i_assert(client->auth_request == NULL);
+
+ client->auth_request = request;
+ auth_request_ref(client->auth_request);
+ }
+ return 0;
+
+ case AUTH_LOGIN_RESULT_SUCCESS:
+ auth_request_unref(client->auth_request);
+ client->auth_request = NULL;
+
+ user = auth_login_get_str(reply, data, reply->username_idx);
+ realm = auth_login_get_str(reply, data, reply->realm_idx);
+
+ i_free(client->virtual_user);
+ client->virtual_user = realm == NULL ?
+ i_strdup(user) : i_strconcat(user, "@", realm, NULL);
+
+ master_request_imap(client, master_callback,
+ request->conn->pid, request->id);
+
+ /* disable IO until we're back from master */
+ if (client->io != NULL) {
+ io_remove(client->io);
+ client->io = NULL;
+ }
+ return 1;
+
+ case AUTH_LOGIN_RESULT_FAILURE:
+ /* see if we have error message */
+ auth_request_unref(client->auth_request);
+ client->auth_request = NULL;
+
+ if (reply->data_size > 0 && data[reply->data_size-1] == '\0') {
+ *error = t_strconcat("Authentication failed: ",
+ (const char *) data, NULL);
+ }
+ return -1;
+ }
+
+ i_unreached();
+}
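Review bot: auth_login_get_str() uses `idx` only for the bounds check and then copies from the start of the buffer with `t_strndup(data, stop)`, so the username_idx and realm_idx lookups in the SUCCESS arm both return the same leading string instead of the field at their offset. The copy probably wants `t_strndup(data + idx, stop - idx)`; confirm against the auth_login_reply layout. The SUCCESS arm also never checks `user` for NULL before building virtual_user and calling master_request_imap(), so a success reply with an out-of-range username_idx proceeds towards login without a validated identity; add `if (user == NULL) return -1;` after the two lookups. This code was moved unchanged from the login binaries, but it is now the single path that decides the authenticated identity for both IMAP and POP3.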
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/login-common/auth-common.h Sun Feb 02 12:46:20 2003 +0200
@@ -0,0 +1,9 @@
+#ifndef __AUTH_COMMON_H
+#define __AUTH_COMMON_H
+
+int auth_callback(struct auth_request *request, struct auth_login_reply *reply,
+ const unsigned char *data, struct client *client,
+ master_callback_t *master_callback, const char **error);
+
+#endif
+
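Review bot: The auth_callback() prototype carries no comment describing the return contract that every caller now switches on. Going by auth-common.c in this commit, it returns -1 on failure, 0 when the exchange continues, and 1 once the master request has been issued; `*error` is reset to NULL on entry and is set only on some failure paths, so NULL means "use the caller's default message". Add a short comment above the prototype stating those three values, that `*error` may be NULL on -1, and that a non-NULL value may be a temporary string from t_strconcat() that the caller must not keep. The header also relies on its includer to have declared struct auth_request and master_callback_t, which is why the include order matters in the two client-authenticate.c files.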
--- a/src/login-common/client-common.h Sun Feb 02 12:16:42 2003 +0200 +++ b/src/login-common/client-common.h Sun Feb 02 12:46:20 2003 +0200 @@ -2,12 +2,18 @@ #define __CLIENT_COMMON_H #include "network.h" +#include "master.h" struct client { struct ip_addr ip; + int fd; + struct io *io; + struct auth_request *auth_request; master_callback_t *master_callback; + + char *virtual_user; /* ... */ };
--- a/src/pop3-login/client-authenticate.c Sun Feb 02 12:16:42 2003 +0200 +++ b/src/pop3-login/client-authenticate.c Sun Feb 02 12:46:20 2003 +0200 @@ -11,9 +11,10 @@ #include "auth-connection.h" #include "../auth/auth-mech-desc.h" #include "../pop3/capability.h" +#include "master.h" +#include "auth-common.h" #include "client.h" #include "client-authenticate.h" -#include "master.h" static enum auth_mech auth_mechs = 0; static char *auth_mechs_capability = NULL; @@ -62,19 +63,19 @@ static void client_auth_abort(struct pop3_client *client, const char *msg) { - if (client->auth_request != NULL) { - auth_abort_request(client->auth_request); - client->auth_request = NULL; + if (client->common.auth_request != NULL) { + auth_abort_request(client->common.auth_request); + client->common.auth_request = NULL; } - client_send_line(client, msg != NULL ? msg : + client_send_line(client, msg != NULL ? t_strconcat("-ERR ", msg, NULL) : "-ERR Authentication failed."); o_stream_flush(client->output); /* get back to normal client input */ - if (client->io != NULL) - io_remove(client->io); - client->io = client->common.fd == -1 ? NULL : + if (client->common.io != NULL) + io_remove(client->common.io); + client->common.io = client->common.fd == -1 ? NULL : io_add(client->common.fd, IO_READ, client_input, client); client_unref(client); @@ -85,11 +86,12 @@ struct pop3_client *client = (struct pop3_client *) _client; const char *reason = NULL; - if (success) - reason = t_strconcat("Login: ", client->virtual_user, NULL); - else { + if (success) { + reason = t_strconcat("Login: ", client->common.virtual_user, + NULL); + } else { reason = t_strconcat("Internal login failure: ", - client->virtual_user, NULL); + client->common.virtual_user, NULL); client_send_line(client, "* BYE Internal login failure."); } 
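Review bot: client_auth_abort() in the POP3 login code clears `client->common.auth_request` after auth_abort_request() without dropping the reference, yet this commit routes POP3 through the shared auth_callback(), which takes one with auth_request_ref() on the first CONTINUE reply. The removed POP3 auth_callback never took a reference, so the missing unref was harmless before; now each aborted exchange (a `*` line, invalid base64) appears to leak the request, and that path is reachable before authentication. The IMAP variant in this same commit calls `auth_request_unref(client->common.auth_request);` between the abort and the NULL assignment; add the same line here after confirming that auth_abort_request() does not release the reference itself.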
@@ -116,94 +118,33 @@ t_pop(); } -static const char *auth_login_get_str(struct auth_login_reply *reply, - const unsigned char *data, size_t idx) -{ - size_t stop; - - if (idx >= reply->data_size || idx >= reply->reply_idx) - return NULL; - - stop = reply->reply_idx < reply->data_size ? - reply->reply_idx-1 : reply->data_size; - - return t_strndup(data, stop); -} - -static int auth_callback(struct auth_request *request, - struct auth_login_reply *reply, - const unsigned char *data, void *context) -{ - struct pop3_client *client = context; - const char *user, *realm; - - if (reply == NULL) { - /* failed */ - client->auth_request = NULL; - client_auth_abort(client, "-ERR Authentication process died."); - return FALSE; - } - - switch (reply->result) { - case AUTH_LOGIN_RESULT_CONTINUE: - client->auth_request = request; - return TRUE; - - case AUTH_LOGIN_RESULT_SUCCESS: - client->auth_request = NULL; - - user = auth_login_get_str(reply, data, reply->username_idx); - realm = auth_login_get_str(reply, data, reply->realm_idx); - - i_free(client->virtual_user); - client->virtual_user = realm == NULL ? - i_strdup(user) : i_strconcat(user, "@", realm, NULL); - - /* we should be able to log in. if we fail, just - disconnect the client. 
*/ - client_send_line(client, "+OK Logged in."); - - master_request_imap(&client->common, master_callback, - request->conn->pid, request->id); - - /* disable IO until we're back from master */ - if (client->io != NULL) { - io_remove(client->io); - client->io = NULL; - } - return FALSE; - - case AUTH_LOGIN_RESULT_FAILURE: - /* see if we have error message */ - client->auth_request = NULL; - - if (reply->data_size > 0 && data[reply->data_size-1] == '\0') { - client_auth_abort(client, t_strconcat( - "-ERR Authentication failed: ", - (const char *) data, NULL)); - } else { - /* default error message */ - client_auth_abort(client, NULL); - } - return FALSE; - } - - i_unreached(); -} - static void login_callback(struct auth_request *request, struct auth_login_reply *reply, const unsigned char *data, struct client *_client) { struct pop3_client *client = (struct pop3_client *) _client; + const char *error; const void *ptr; size_t size; - if (auth_callback(request, reply, data, client)) { + switch (auth_callback(request, reply, data, _client, + master_callback, &error)) { + case -1: + /* login failed */ + client_auth_abort(client, error); + break; + + case 0: ptr = buffer_get_data(client->plain_login, &size); auth_continue_request(request, ptr, size); buffer_set_used_size(client->plain_login, 0); + break; + + default: + /* success, we should be able to log in. if we fail, just + disconnect the client. */ + client_send_line(client, "+OK Logged in."); } } @@ -240,9 +181,9 @@ if (auth_init_request(AUTH_MECH_PLAIN, login_callback, &client->common, &error)) { /* don't read any input from client until login is finished */ - if (client->io != NULL) { - io_remove(client->io); - client->io = NULL; + if (client->common.io != NULL) { + io_remove(client->common.io); + client->common.io = NULL; } return TRUE; } else { 
@@ -259,9 +200,24 @@ struct client *_client) { struct pop3_client *client = (struct pop3_client *) _client; + const char *error; - if (auth_callback(request, reply, data, client)) + switch (auth_callback(request, reply, data, _client, + master_callback, &error)) { + case -1: + /* login failed */ + client_auth_abort(client, error); + break; + + case 0: client_send_auth_data(client, data, reply->data_size); + break; + + default: + /* success, we should be able to log in. if we fail, just + disconnect the client. */ + client_send_line(client, "+OK Logged in."); + } } static void client_auth_input(void *context) @@ -280,7 +236,7 @@ return; if (strcmp(line, "*") == 0) { - client_auth_abort(client, "-ERR Authentication aborted"); + client_auth_abort(client, "Authentication aborted"); return; } @@ -290,11 +246,11 @@ if (base64_decode((const unsigned char *) line, linelen, NULL, buf) <= 0) { /* failed */ - client_auth_abort(client, "-ERR Invalid base64 data"); - } else if (client->auth_request == NULL) { - client_auth_abort(client, "-ERR Don't send unrequested data"); + client_auth_abort(client, "Invalid base64 data"); + } else if (client->common.auth_request == NULL) { + client_auth_abort(client, "Don't send unrequested data"); } else { - auth_continue_request(client->auth_request, + auth_continue_request(client->common.auth_request, buffer_get_data(buf, NULL), buffer_get_used_size(buf)); } @@ -329,10 +285,10 @@ if (auth_init_request(mech->mech, authenticate_callback, &client->common, &error)) { /* following input data will go to authentication */ - if (client->io != NULL) - io_remove(client->io); - client->io = io_add(client->common.fd, IO_READ, - client_auth_input, client); + if (client->common.io != NULL) + io_remove(client->common.io); + client->common.io = io_add(client->common.fd, IO_READ, + client_auth_input, client); } else { client_send_line(client, t_strconcat( "-ERR Authentication failed: ", error, NULL));
--- a/src/pop3-login/client.c Sun Feb 02 12:16:42 2003 +0200 +++ b/src/pop3-login/client.c Sun Feb 02 12:46:20 2003 +0200 @@ -75,9 +75,9 @@ /* must be removed before ssl_proxy_new(), since it may io_add() the same fd. */ - if (client->io != NULL) { - io_remove(client->io); - client->io = NULL; + if (client->common.io != NULL) { + io_remove(client->common.io); + client->common.io = NULL; } fd_ssl = ssl_proxy_new(client->common.fd); @@ -96,7 +96,8 @@ client_destroy(client, "TLS handshake failed"); } - client->io = io_add(client->common.fd, IO_READ, client_input, client); + client->common.io = + io_add(client->common.fd, IO_READ, client_input, client); return TRUE; } @@ -244,7 +245,7 @@ client->common.ip = *ip; client->common.fd = fd; - client->io = io_add(fd, IO_READ, client_input, client); + client->common.io = io_add(fd, IO_READ, client_input, client); client_open_streams(client, fd); client->plain_login = buffer_create_dynamic(system_pool, 128, 8192); @@ -268,15 +269,15 @@ i_stream_close(client->input); o_stream_close(client->output); - if (client->io != NULL) { - io_remove(client->io); - client->io = NULL; + if (client->common.io != NULL) { + io_remove(client->common.io); + client->common.io = NULL; } net_disconnect(client->common.fd); client->common.fd = -1; - i_free(client->virtual_user); + i_free(client->common.virtual_user); client_unref(client); }
--- a/src/pop3-login/client.h Sun Feb 02 12:16:42 2003 +0200 +++ b/src/pop3-login/client.h Sun Feb 02 12:46:20 2003 +0200 @@ -11,7 +11,6 @@ time_t created; int refcount; - struct io *io; struct istream *input; struct ostream *output; @@ -19,8 +18,6 @@ unsigned int bad_counter; buffer_t *plain_login; - struct auth_request *auth_request; - char *virtual_user; unsigned int tls:1; };